1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in SetRemoteAddrFromForwardedFor. Thanks, Simon Willison and gregorth

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6364 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2007-09-16 16:54:16 +00:00
parent 4541a4d3a9
commit 0f4fb9755c

View File

@ -55,6 +55,7 @@ class SetRemoteAddrFromForwardedFor(object):
return None
else:
# HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
# Take just the first one.
real_ip = real_ip.split(",")[0]
# Take just the last one.
# See http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/
real_ip = real_ip.split(",")[-1].strip()
request.META['REMOTE_ADDR'] = real_ip